100% accurate line rate packet capture

Leveraging the power of DAG technology, EndaceProbes capture every packet from the wire, regardless of packet size or line rate, at speeds up to 40Gbps natively. When used with EndaceAccess™ Network Visibility Head-Ends, EndaceProbes can also provide full visibility into 100Gbps links.

Unlike NIC-based solutions, DAG technology uses direct memory access (DMA) to acquire and move packets from the wire directly into host memory using minimal CPU resources. By reducing the processing cycles required to acquire packets, applications hosted on the system can be given more resources to work with.

Highly accurate time stamping at the interface

For traders concerned with minimizing latency, and anyone interested in forensic packet reconstruction, highly accurate time stamping of captured packets is essential.

The DAG technology that underpins every EndaceProbe attaches a nanosecond accurate time stamp to every packet. Time stamps have a resolution of +/- 7.5 nanoseconds and an accuracy of +/- 50 nanoseconds. Using a timing input source, such as GPS, the time stamps on many EndaceProbes can be synchronized to within a few nanoseconds.

At 10Gbps, it's possible for anything up to 1500 packets to be given the exact same time stamp unless you have nanosecond-level accurate time stamps, which makes accurate reconstruction and forensic examination of traffic very challenging.

Write-to-disk

EndaceProbes allow captured packets to be recorded to local disk for retrospective analysis using a range of different analytics tools. Writing packets to disk at high line rates is a significant technical challenge and requires careful selection and optimization of system components.

EndaceProbes support up to 192TB of local storage (offering days to weeks of storage) and can write-to-disk at up to 40Gbps. A range of either SAS or SSD based EndaceProbe models are available to suit a wide range of throughput performance, storage, and space requirements.

Real-time protocol identification

Knowing exactly which application a packet relates to is essential for effective diagnostics and troubleshooting. The integrated Deep Packet Inspection (DPI) engine makes EndaceProbes "application aware". Every flow captured by EndaceProbes is given an application classification which is added into the metadata database that underpins EndaceVision.

Packet filtering, replication and de-duplication

Different tools require different packet inputs to provide visibility into different things. To ensure that applications operate at maximum efficiency, EndaceProbes can filter (and drop) packets based on a wide range of different parameters at all levels of the OSI stack.

Because EndaceProbes are multi-application capable there's often a requirement to send the same packet to two different places. To fulfill this requirement, EndaceProbes support packet replication and, where necessary, de-duplication.

Traffic indexing

As packets are recorded from the network they are indexed in real-time. The index is stored locally on every EndaceProbe and includes a wide range of essential metadata including application type, IP addressing, MAC address, time stamp, etc. that enables engineers to quickly isolate packets of interest from anywhere across the network.

The packet index is the power behind EndaceVision, the powerful, browser-based investigation application bundled with every EndaceProbe.

Support for custom and third-party applications

Hosted applications can access real-time traffic or, using Playback, historical traffic for analysis. . EndaceProbes allow up to four applications to be hosted simultaneously depending on the specification of the EndaceProbe model and the resource requirements of the hosted application.

NetFlow Generation

For a complete packet-and-flow monitoring fabric, EndaceFlow™ NetFlow Generators, or the EndaceFlow Application running in Application Dock, can deliver highly accurate NetFlow® V5, V9 or IPFIX. NetFlows can be either pure (unsampled) or sampled NetFlows and can be exported as a TCP stream via the management LAN.